diff options
| author |   Varun Prakash <varun@chelsio.com> | 2022-09-21 00:04:44 +0530 |
|---|---|---|
| committer |   Christoph Hellwig <hch@lst.de> | 2022-09-27 09:22:08 +0200 |
| commit | f614b937d850193588f161ff854a4e19940a5e43 (patch) | |
| tree | 0ac6ca449fa3b1ae904cb3bfb82086bf6261ca0e /drivers/nvme | |
| parent | nvmet-tcp: fix NULL pointer dereference during release (diff) | |
| download | wireguard-linux-f614b937d850193588f161ff854a4e19940a5e43.tar.xz wireguard-linux-f614b937d850193588f161ff854a4e19940a5e43.zip | |
nvmet-tcp: handle ICReq PDU received in NVMET_TCP_Q_LIVE state
As per NVMe/TCP transport specification ICReq PDU is the first PDU received
by the controller and controller should receive only one ICReq PDU.
If controller receives more than one ICReq PDU then this can be considered
as fatal error.
nvmet-tcp driver does not check for ICReq PDU opcode if queue state is
NVMET_TCP_Q_LIVE. In LIVE state ICReq PDU is treated as CapsuleCmd PDU,
this can result in abnormal behavior.
Add a check for ICReq PDU in nvmet_tcp_done_recv_pdu() to fix this issue.
Signed-off-by: Varun Prakash <varun@chelsio.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Diffstat (limited to 'drivers/nvme')
| -rw-r--r-- | drivers/nvme/target/tcp.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/drivers/nvme/target/tcp.c b/drivers/nvme/target/tcp.c index 70baeab6af30..1762e2e90585 100644 --- a/drivers/nvme/target/tcp.c +++ b/drivers/nvme/target/tcp.c @@ -961,6 +961,13 @@ static int nvmet_tcp_done_recv_pdu(struct nvmet_tcp_queue *queue) return nvmet_tcp_handle_icreq(queue); } + if (unlikely(hdr->type == nvme_tcp_icreq)) { + pr_err("queue %d: received icreq pdu in state %d\n", + queue->idx, queue->state); + nvmet_tcp_fatal_error(queue); + return -EPROTO; + } + if (hdr->type == nvme_tcp_h2c_data) { ret = nvmet_tcp_handle_h2c_data_pdu(queue); if (unlikely(ret)) |